Advertisement
Check these out next
Docker Registry with Basic Authentication
Nov. 23, 2014•0 likes•1,520 views
6 likes
Be the first to like this
Show More
views
Total views
0
On Slideshare
0
From embeds
0
Number of embeds
0
Download to read offline
Report
Technology
( 2014. 10. 15. ) Docker 캐쥬얼톡에서 발표한 내용입니다. 크게 3부분으로 나누어져 있습니다. 1. Docker Registry on Local Machine 2. Docker Registry on AWS ( EC2, S3 ) 3. Docker Registry with Basic Authentication 각각의 내용들에 대해서는 개인 블로그에서도 살펴보실 수 있습니다. ( http://blog.ansuchan.com )
Suchan AnFollow
Developer at (주)씨티알앨파트너스 ( Ctrl Partners, Inc. )Advertisement
Advertisement
Advertisement
Recommended
Docker로 서버 개발 편하게 하기Dronix
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them wellSaba Software
Introduction to C Programming LanguageSimplilearn
The Pixar Way: 37 Quotes on Developing and Maintaining a Creative Company (fr...Palo Alto Software
9 Tips for a Work-free VacationWeekdone.com
I Rock Therefore I Am. 20 Legendary Quotes from PrinceEmpowered Presentations
Docker Registry with Basic Authentication
- Docker Registry + Basic Auth @dobestan
- 빌드빌드
- 개꿀
- 미래창조과학부 대략 3000만원 지원금
- 개꿀
- 화려한시작
- 최소한 [Deis] 정도는 만들겠지...
- [Mesosphere] 를 만들어볼까?
- 잘하면 [Kubernetes] 정도는 만들어야지...
- 현재
- 흐긓그느ㅡㅎ그흑느흐그흐느흐ㅡㄲ느흐느ㅡㅎㄱ
- 제발 빌드만이라도 가능하길 ...
- 빌드빌드 제발 빌드만이라도 되길 ...
- Docker Registry + Basic Auth @dobestan
- Docker Registry Docker Registry is Private Docker Repository
- 로컬
- docker pull registry $ docker pull registry Pulling repository registry e42d15ec8417: Download complete 3511136a3c5a: Download complete ... CMD Result
- docker run registry $ docker run -‐-‐name local-‐registry -‐d -‐p 5000:5000 registry d530e2564a47a8d5d42a6e2aa65dc9ab6975e5ff48d5602bfb9f6c524 CMD Result
- $ docker ps docker ps IMAGE PORTS NAMES registry:0.8.1 0.0.0.0:5000-‐>5000/tcp local-‐registry CMD Result
- curl localhost:5000 $ curl localhost:5000 -‐i HTTP/1.1 200 OK Server: gunicorn/18.0 Content-‐Type: application/json X-‐Docker-‐Registry-‐Version: 0.8.1 X-‐Docker-‐Registry-‐Config: dev "docker-‐registry server (dev) (v0.8.1)" CMD Result
- hello world FROM busybox MAINTAINER dobestan <dobestan@gmail.com> CMD /bin/echo "hello world" Dockerfile
- docker build $ docker build -‐t dobestan/hello_world . Sending build context to Docker daemon 2.56 kB Sending build context to Docker daemon Step 0 : FROM busybox -‐-‐-‐> a9eb17255234 Step 1 : MAINTAINER dobestan <dobestan@gmail.com> -‐-‐-‐> Running in 28d0d8946c86 -‐-‐-‐> 1ca10bda6835 Removing intermediate container 28d0d8946c86 Step 2 : CMD /bin/echo "hello world" -‐-‐-‐> Running in 1d1c96781eae -‐-‐-‐> 82bdf77324c2 Removing intermediate container 1d1c96781eae Successfully built 82bdf77324c2 CMD Result
- docker run $ docker run dobestan/hello_world hello world CMD Result
- docker push $ docker push localhost:5000/hello_world Result The push refers to a repository [localhost:5000/hello_world] Sending image list Pushing repository localhost:5000/hello_world (1 tags) 511136ea3c5a: Image successfully pushed 42eed7f1bf2a: Image successfully pushed 120e218dd395: Image successfully pushed a9eb17255234: Image successfully pushed 1ca10bda6835: Image successfully pushed 82bdf77324c2: Image successfully pushed Pushing tag for rev [82bdf77324c2] on {http://localhost:5000/v1/ repositories/hello_world/tags/latest} CMD
- curl $ curl http://localhost:5000/v1/repositories/hello_world/tags/ "82bdf77324c2f24758372d4bc36c72be41718d10503495139968" CMD Result
- docker run $ docker run localhost:5000/hello_world Unable to find image 'localhost:5000/hello_world' locally Pulling repository localhost:5000/hello_world 82bdf77324c2: Download complete 511136ea3c5a: Download complete 42eed7f1bf2a: Download complete 120e218dd395: Download complete a9eb17255234: Download complete 1ca10bda6835: Download complete hello world CMD Result
- 로컬끝
- AWSEC2 + S3
- 로컬과 거의 동일함
- 거의 같으니 빠르게 ...
- CloudInit * cloud-‐init is the Ubuntu package that handles early initialization of a cloud instance.
- S3 Bucket
- docker pull registry $ docker pull registry Pulling repository registry e42d15ec8417: Download complete 3511136a3c5a: Download complete ... CMD Result
- docker run registry $ docker run -‐-‐name local-‐registry -‐d -‐p 5000:5000 -‐e SETTINGS_FLAVOR=s3 -‐e AWS_BUCKET=dobestan-‐docker-‐registry -‐e STORAGE_PATH=/registry -‐e AWS_KEY=QWERASCBCRTUN46NHTA -‐e AWS_SECRET=GXzD8MWdh6KdYaB2wWkJJ9PcUENK3a registry d530e2564a47a8d5d42a6e2aa65dc9ab6975e5ff48d5602bfb9f6c524 CMD Result
- docker pull nginx $ docker pull nginx Pulling repository registry 61e8f94e1d65: Download complete 511136ea3c5a: Download complete ... CMD Result
- http { ... server { listen 80; server_name registry.dobestan.com; location { proxy_pass http://docker-‐registry:5000; } ... } ... } nginx.conf nginx.conf https://gist.github.com/dobestan/953b146f324f1a1e46fa
- docker run nginx $ docker run -‐-‐name nginx-‐registry -‐d -‐v ~/nginx.conf:/etc/nginx.conf # 설정 파일 -‐-‐link docker-‐registry:docker-‐registry # 컨테이너 링킹 -‐p 80:80 nginx 1fa1eeaa48975680315d73b1499883bc416bdbba63adf4a94b913e377 CMD Result
- docker push $ docker push registry.dobestan.com/hello_world CMD The push refers to a repository [registry.dobestan.com:5000/ Result hello_world] Sending image list Pushing repository registry.dobestan.com/hello_world (1 tags) 511136ea3c5a: Image successfully pushed 42eed7f1bf2a: Image successfully pushed 120e218dd395: Image successfully pushed a9eb17255234: Image successfully pushed 1ca10bda6835: Image successfully pushed 82bdf77324c2: Image successfully pushed Pushing tag for rev [82bdf77324c2] on {http://registry.dobestan.com/ v1/repositories/hello_world/tags/latest}
- S3 Bucket
- AWS끝 EC2 + S3
- AUTH
- HTTP + User Auth
- htpasswd .htpasswd is a flat-‐file used to store usernames and password for basic authentication on an Apache HTTP Server $ sudo apt-‐get -‐y install apache2-‐utils CMD
- htpasswd $ htpasswd -‐c .htpasswd dobestan New password: Re-‐type new password: Adding password for user dobestan CMD Result $ cat .htpasswd dobestan:$apr1$mtXLPDLn$YXdZDqy8Rrbtq39iieV2B0 CMD Result
- ... location / { proxy_pass http://docker-‐registry:5000; proxy_set_header Host $host; proxy_read_timeout 900; auth_basic "Restricted"; auth_basic_user_file ~/.htpasswd; } ... nginx.conf nginx.conf https://gist.github.com/dobestan/953b146f324f1a1e46fa
- docker push $ docker push 54.64.158.154/hello_world CMD Result The push refers to a repository [54.64.158.154/hello_world] Sending image list Pushing repository 54.64.158.154/hello_world (1 tags) 511136ea3c5a: Pushing 2014/09/20 23:36:39 HTTP code 401, Docker will not send auth headers over HTTP.
- Docker will not send auth headers over HTTP.
- HTTPS HTTP + User Auth
- Self Signed Certi $ openssl genrsa -‐out private_key.pem 2048 CMD 1. 개인키 생성하기
- Self Signed Certi $ openssl req -‐new -‐key private_key.pem -‐out server.csr Country Name (2 letter code) [AU]:KO State or Province Name (full name) [Some-‐State]:Seoul Locality Name (eg, city) []:Seoul Organization Name (eg, company):Dreampic Organizational Unit Name (eg, section) []:Dev Common Name (e.g. server FQDN or YOUR name) []:54.64.158.154 Email Address []:dobestan@gmail.com CMD Result 2. CSR 생성하기
- Self Signed Certi 3. $ openssl x509 -‐req -‐days 365 -‐in server.csr -‐signkey private_key.pem -‐out server.crt CMD Result 인증서 발급하기 Signature ok subject=/C=KO/ST=Seoul/L=Seoul/O=Dreampic/OU=Dev/CN=54.64.158.154/ emailAddress=dobestan@gmail.com Getting Private key
- Self Signed Certi 4. 인증서 설치하기 $ sudo cp server.crt /usr/share/ca-‐certificates/ CMD $ echo "server.crt" | sudo tee -‐a /etc/ca-‐certificates.conf CMD $ sudo update-‐ca-‐certificates CMD Result Updating certificates in /etc/ssl/certs... 1 added, 0 removed; done. Running hooks in /etc/ca-‐certificates/update.d....done.
- docker login $ docker login 54.64.158.154 CMD Result Username: dobestan Password: Email: dobestan@gmail.com 2014/09/25 14:16:25 Error response from daemon: Invalid Registry endpoint: Get https://54.64.158.154/v1/_ping: x509: cannot validate certificate for 54.64.158.154 because it doesn't contain any IP SANs
- Error response from daemon: Invalid Registry endpoint x509: cannot validate certificate for it doesn't contain any IP SANs
- HTTPS HTTP + User Auth + Domain Name
- /etc/hosts ... 127.0.0.1 localhost 54.64.158.154 registry.dobestan.com ... /etc/hosts
- Self Signed Certi $ openssl req -‐new -‐key private_key.pem -‐out server.csr Country Name (2 letter code) [AU]:KO State or Province Name (full name) [Some-‐State]:Seoul Locality Name (eg, city) []:Seoul Organization Name (eg, company):Dreampic Organizational Unit Name (eg, section) []:Dev Common Name : registry.dobestan.com Email Address []:dobestan@gmail.com CMD Result 2. CSR 생성하기 : 도메인 이름으로
- docker login $ docker login https://registry.ansuchan.com Username: dobestan Password: Email: dobestan@gmail.com Login Succeeded CMD Result
- AUTH끝 진짜끝
- 결론 열심히 사설 인증서 만들고 가짜 도 메인도 추가하고 해서 무조건 인증을 받도록 하자.
- 결론 열심히 사설 인증서 만들고 도메인도 추가하고 해서 인증하자 공인 SSL인증서를 구매하거나... 접속 IP 제한을 걸던가 ... 더 편한 방법을 찾자
- 감사합니다
Advertisement